Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/KBXJI5UIPp4vp4myMJ9w08TgQzE.roa
File:                     KBXJI5UIPp4vp4myMJ9w08TgQzE.roa (raw, json)
Hash identifier:          VW6V6eR6e2qlUAXPTaYVT5ykAM5c8BoyllEiXJtc7AA=
Subject key identifier:   28:15:C9:23:95:08:3E:9E:2F:A7:89:B2:30:9F:70:D3:C4:E0:43:31
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E148EB646E16A432A6B2A97BA1213
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/KBXJI5UIPp4vp4myMJ9w08TgQzE.roa
Signing time:             Mon 01 Jan 2024 14:29:34 +0000
ROA not before:           Mon 01 Jan 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202375
IP address blocks:        89.45.209.0/24 maxlen: 24
                          89.42.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:14:8e:b6:46:e1:6a:43:2a:6b:2a:97:ba:12:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2815c92395083e9e2fa789b2309f70d3c4e04331
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:47:ea:53:d6:3a:78:32:46:ab:96:d1:b6:7d:
                    02:ba:66:7e:2b:97:ab:4e:95:00:a1:a4:91:c8:57:
                    62:10:3e:18:6b:ad:bc:88:d9:35:94:a5:0d:aa:94:
                    99:8e:54:c4:4c:aa:1e:c1:67:21:d1:8e:36:33:47:
                    55:da:b1:7a:15:d4:e7:b4:a9:ea:4c:5b:80:4f:5a:
                    34:da:67:f7:a0:9e:46:fe:c7:05:fa:cc:be:a9:84:
                    b0:5a:79:f0:14:3c:1a:4d:a1:f3:1a:19:cf:20:45:
                    12:68:35:89:e7:58:3c:e7:70:2f:14:c9:e2:f1:df:
                    0b:ff:72:7e:93:17:c8:62:55:1e:c4:ca:45:c8:90:
                    48:8e:33:f6:43:39:b0:f3:0f:fd:43:0e:c4:af:63:
                    e4:76:25:e4:10:c2:fb:db:7d:78:86:c5:1a:b3:38:
                    16:3f:7f:e7:93:27:db:57:eb:12:9c:6d:cb:98:ca:
                    74:b1:d0:bf:9b:1b:94:f4:1c:64:2c:4a:92:3b:e6:
                    0f:7d:4f:4b:22:34:01:bb:a5:1d:73:e0:c4:34:88:
                    d4:44:e6:d1:a1:c3:e0:ba:50:1c:47:8a:34:04:57:
                    de:3f:1b:5b:55:cd:68:eb:ba:c3:75:75:88:3e:9d:
                    66:38:20:a3:64:93:66:f8:45:ec:47:48:bf:c3:c6:
                    80:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:15:C9:23:95:08:3E:9E:2F:A7:89:B2:30:9F:70:D3:C4:E0:43:31
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/KBXJI5UIPp4vp4myMJ9w08TgQzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.71.0/24
                  89.45.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:f6:87:53:b4:70:74:fc:d2:40:75:7e:a2:79:b9:71:06:92:
         8f:75:b2:9d:b8:bc:00:8c:65:01:35:3f:46:ba:38:95:4f:90:
         83:9e:83:53:30:e2:bb:c8:0b:f5:dc:5a:91:ae:8d:0b:a3:ba:
         b0:26:aa:84:95:dd:01:aa:e0:85:a6:89:a2:66:ae:07:75:16:
         23:1e:25:83:51:63:64:65:97:78:64:d2:08:84:35:4d:60:3e:
         56:c2:56:47:37:8b:61:61:78:10:15:82:8f:d0:b1:b9:9a:44:
         03:3a:a2:68:ec:94:f9:0a:4d:79:4e:07:fc:59:e2:72:8f:4c:
         24:0a:c8:1b:e3:bb:ab:22:2d:05:09:ec:b9:d9:f5:a0:9c:cb:
         a9:f0:13:65:13:1e:d1:75:c5:69:4e:9e:be:ee:44:19:23:30:
         8f:04:2f:53:55:74:9d:77:2d:40:45:69:52:b6:6e:b3:bd:9e:
         de:76:a6:b2:fa:68:f7:a4:e6:96:e1:48:9b:55:ea:f3:c9:e5:
         8d:32:5f:40:2e:8a:c6:1c:c3:ac:55:04:4d:e3:56:60:31:01:
         f9:69:ca:27:24:26:5c:bd:85:ea:0d:43:a9:a2:32:c4:18:11:
         34:0c:fb:e7:bc:c9:5b:af:93:b2:81:a4:27:42:39:e5:2c:3e:
         61:8a:5d:d5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbhSOtkbhakMqayqXuhITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODE1YzkyMzk1MDgzZTllMmZhNzg5YjIzMDlmNzBkM2M0ZTA0MzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUfqU9Y6eDJGq5bRtn0CumZ+K5er
TpUAoaSRyFdiED4Ya628iNk1lKUNqpSZjlTETKoewWch0Y42M0dV2rF6FdTntKnq
TFuAT1o02mf3oJ5G/scF+sy+qYSwWnnwFDwaTaHzGhnPIEUSaDWJ51g853AvFMni
8d8L/3J+kxfIYlUexMpFyJBIjjP2Qzmw8w/9Qw7Er2PkdiXkEML72314hsUaszgW
P3/nkyfbV+sSnG3LmMp0sdC/mxuU9BxkLEqSO+YPfU9LIjQBu6Udc+DENIjURObR
ocPgulAcR4o0BFfePxtbVc1o67rDdXWIPp1mOCCjZJNm+EXsR0i/w8aAgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCgVySOVCD6eL6eJsjCfcNPE4EMxMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvS0JYSkk1VUlQcDR2cDRteU1KOXcwOFRnUXpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSpHAwQA
WS3RMA0GCSqGSIb3DQEBCwUAA4IBAQC19odTtHB0/NJAdX6ieblxBpKPdbKduLwA
jGUBNT9GujiVT5CDnoNTMOK7yAv13FqRro0Lo7qwJqqEld0BquCFpomiZq4HdRYj
HiWDUWNkZZd4ZNIIhDVNYD5WwlZHN4thYXgQFYKP0LG5mkQDOqJo7JT5Ck15Tgf8
WeJyj0wkCsgb47urIi0FCey52fWgnMup8BNlEx7RdcVpTp6+7kQZIzCPBC9TVXSd
dy1ARWlStm6zvZ7edqay+mj3pOaW4UibVerzyeWNMl9ALorGHMOsVQRN41ZgMQH5
aconJCZcvYXqDUOpojLEGBE0DPvnvMlbr5OygaQnQjnlLD5hil3V
-----END CERTIFICATE-----